bug #26788 [Security] Load the user before pre/post auth checks when …
…needed (chalasr)

This PR was merged into the 2.8 branch.

Discussion
----------

[Security] Load the user before pre/post auth checks when needed

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | n/a
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #26775
| License       | MIT
| Doc PR        | n/a

Commits
-------

c318306 [Security] Load the user before pre/post auth checks when needed
nicolas-grekas committed Apr 4, 2018
2 parents 3c54c4a + c318306 commit 1605684
Showing 2 changed files with 70 additions and 0 deletions.
Expand Up @@ -11,8 +11,11 @@

namespace Symfony\Component\Security\Core\Authentication\Provider;

use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserChecker;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
Expand Down Expand Up @@ -45,6 +48,24 @@ public function authenticate(TokenInterface $token)
}

$user = $authToken->getUser();

if (!$user instanceof UserInterface) {
try {
$user = $this->userProvider->loadUserByUsername($user);

if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
}
} catch (UsernameNotFoundException $e) {
$e->setUsername($user);
throw $e;
} catch (\Exception $e) {
$e = new AuthenticationServiceException($e->getMessage(), 0, $e);
$e->setToken($token);
throw $e;
}
}

$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);

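Review bot: The `catch (UsernameNotFoundException $e)` branch rethrows the exception unchanged, so a caller can tell an unknown username apart from a failed pre/post-auth check, and nothing visible in this hunk masks that. If a failure handler exposes the exception type or message to the client, that difference allows account enumeration. I would either convert it with `throw new BadCredentialsException('Bad credentials.', 0, $e);`, as UserAuthenticationProvider does when `hideUserNotFoundExceptions` is enabled, or add a comment saying that masking is left to the caller. Separately, the `AuthenticationServiceException` thrown inside the `try` for a non-UserInterface return is caught by the following `catch (\Exception $e)` and wrapped in a second `AuthenticationServiceException`; worth confirming that is intended. `authenticate()` begins and ends outside this hunk, so the handling around `$authToken` is not visible here.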
Expand Up @@ -15,6 +15,7 @@
use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Core\Authentication\Provider\SimpleAuthenticationProvider;
use Symfony\Component\Security\Core\Exception\LockedException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;

class SimpleAuthenticationProviderTest extends TestCase
{
Expand Down Expand Up @@ -72,6 +73,54 @@ public function testAuthenticateWhenPostChecksFails()
$provider->authenticate($token);
}

public function testAuthenticateFromString()
{
$user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();

$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
$token->expects($this->any())
->method('getUser')
->will($this->returnValue('foo'));

$authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
$authenticator->expects($this->once())
->method('authenticateToken')
->will($this->returnValue($token));

$userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
$userProvider->expects($this->once())
->method('loadUserByUsername')
->willReturn($this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock());
$provider = $this->getProvider($authenticator, $userProvider);

$this->assertSame($token, $provider->authenticate($token));
}

/**
* @expectedException \Symfony\Component\Security\Core\Exception\UsernameNotFoundException
*/
public function testUsernameNotFound()
{
$user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();

$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
$token->expects($this->any())
->method('getUser')
->will($this->returnValue('foo'));

$authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
$authenticator->expects($this->once())
->method('authenticateToken')
->will($this->returnValue($token));

$userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
$userProvider->expects($this->once())
->method('loadUserByUsername')
->willThrowException(new UsernameNotFoundException());

$this->getProvider($authenticator, $userProvider)->authenticate($token);
}

protected function getProvider($simpleAuthenticator = null, $userProvider = null, $userChecker = null, $key = 'test')
{
if (null === $userChecker) {
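Review bot: Neither new test verifies that the freshly loaded user is the object the checker receives. `testAuthenticateFromString` mocks `loadUserByUsername` without `->with('foo')` and passes no `$userChecker` to `getProvider()`, so as far as this section shows it would still pass if the pre/post checks were skipped or ran against another value. I would pin the lookup argument with `->with('foo')` and pass a checker mock that expects `checkPreAuth` and `checkPostAuth` once each with the user returned by the provider. The `$user` mock created on the first line of both tests is never used and can be dropped. The provider's two other new paths, a non-UserInterface return value and a generic exception being wrapped, have no test here, and `getProvider()` continues past the end of the visible section.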
